Deploy autonomous AI agents that reason, exploit, and validate complex vulnerability chains — not another scanner, an agentic system that thinks like a senior pentester.
Filter and search through 199,971 vulnerabilities
| CVE ID | Description | CVSS | Priority | Trend | Exploit | Patch |
|---|---|---|---|---|---|---|
| CVE-2026-34076 | ## Summary The `clerkFrontendApiProxy` function in `@clerk/backend` is vulnerable to Server-Side Request Forgery (SSRF). An unauthenticated attacker ... | 0.0 | 0 | Neutral | No |
| Yes |
| CVE-2026-34073 | cryptography is a package designed to expose cryptographic primitives and recipes to Python developers. Prior to version 46.0.6, DNS name constraints ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-34060 | Ruby LSP is an implementation of the language server protocol for Ruby. Prior to Shopify.ruby-lsp version 0.10.2 and ruby-lsp version 0.26.9, the ruby... | 9.8 | 0 | Neutral | No | Yes |
| CVE-2026-34046 | Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.5.1, the `_read_flow` helper in `src/backend/base/la... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-34041 | act is a project which allows for local running of github actions. Prior to version 0.2.86, act unconditionally processes the deprecated ::set-env:: a... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33994 | Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Starting in version 2.0.39 and prior to version 3.0.25, ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33993 | Locutus brings stdlibs of other programming languages to JavaScript for educational purposes. Prior to version 3.0.25, the `unserialize()` function in... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33990 | ## Summary Docker Model Runner contains an SSRF vulnerability in its OCI registry token exchange flow. When pulling a model, Model Runner follows the ... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-33981 | changedetection.io is a free open source web page change detection tool. Prior to 0.54.7, the `jq:` and `jqraw:` include filter expressions allow use ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33977 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, a malicious RDP server can crash the FreeRDP client by sendi... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-33952 | FreeRDP is a free implementation of the Remote Desktop Protocol. Prior to version 3.24.2, an unvalidated auth_length field read from the network trigg... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-33949 | ### Summary A Path Traversal vulnerability in `@tinacms/graphql` allows unauthenticated users to write and overwrite arbitrary files within the projec... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-33946 | MCP Ruby SDK is the official Ruby SDK for Model Context Protocol servers and clients. Prior to version 0.9.2, the Ruby SDK's streamable_http_transport... | 8.2 | 0 | Neutral | No | Yes |
| CVE-2026-33935 | MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.72, an unauthenticated attacker can lock out administrat... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33890 | MyTube is a self-hosted downloader and player for several video websites Prior to version 1.8.71, an unauthenticated attacker can register an arbitrar... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33881 | Windmill is an open-source developer platform for internal code: APIs, background jobs, workflows and UIs. Workspace environment variable values are i... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33879 | Federated Learning and Interoperability Platform (FLIP) is an open-source platform for federated training and evaluation of medical imaging AI models ... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33873 | Langflow is a tool for building and deploying AI-powered agents and workflows. Prior to version 1.9.0, the Agentic Assistant feature in Langflow execu... | 0.0 | 0 | Neutral | No | No |
| CVE-2026-33872 | elixir-nodejs provides an Elixir API for calling Node.js functions. A vulnerability in versions prior to 3.1.4 results in Cross-User Data Leakage or I... | 0.0 | 0 | Neutral | No | Yes |
| CVE-2026-33864 | ### Summary A prototype pollution vulnerability exists in the latest version of the convict npm package (6.2.4). Despite a previous fix that attempted... | 0.0 | 0 | Neutral | No | Yes |